/**
 * 
 */
package com.jjt.kiki.shiro.realm;

import java.util.List;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * 授权authorizingRealm 里面可以附带验证
 * @author jiangjintai
 *
 */
public class UserAuthorizingRealm extends AuthorizingRealm {
//	@Autowired
//	UserService userService;
//	@Autowired
//	RolePerssionService rolePerssionService;
	/* （非 Javadoc）
	 * @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
	 */
	@Override
	//授权
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//		Integer userId = (Integer) principalCollection.getPrimaryPrincipal();//只有一个realm所以可以直接调用这个方法
//		TUser user = userService.findById(userId);
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
//		TRole role = user.getTRole();
//		info.addRole(role.getName());
//		List<TRolePerssion> rolePerssions = rolePerssionService.findByTRole(role);
//		for(TRolePerssion rp : rolePerssions){
//			info.addStringPermission(rp.getTPerssion().getName());
//		}
		return info;
	}

	/* （非 Javadoc）
	 * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
	 */
	@Override
	//认证
	protected AuthenticationInfo doGetAuthenticationInfo(
			AuthenticationToken token) throws AuthenticationException {
//		String phone = (String)token.getPrincipal();
//		String password = new String((char[])token.getCredentials()); //得到密码 转入时变成数组了。。
//
//		TUser user = userService.findByPhoneAndPassword(phone, password);
//		if(user==null)
//			throw new  UnknownAccountException();
//		if(user.getIsDelete()==1)
//			throw new  DisabledAccountException();
		//封装信息
//		return new SimpleAuthenticationInfo(user.getUserId(), password, getName());
		return null;
	}

}
